1. Field of the Invention
The invention is related to the field of communications, and in particular, to providing authentication of users in a conversion system by using a key to compute passwords to authenticate the users.
2. Statement of the Problem
Voice over Internet Protocol (VoIP) communications is gaining popularity in businesses and private residences. To get VoIP service, a user contacts a VoIP service provider and the VoIP service provider provides the user with an account, a telephone number, etc. The user obtains a user name and a password in order to log in to the account to receive the VoIP service. Upon power up of the user's VoIP phone, the VoIP phone registers with a telephony server of the service provider. As part of the registration process, the telephony server attempts to authenticate the user by requesting a user ID and proof that the user has the password, in the form of a set of credentials. The user may enter the user ID and the password through a dialog window of a user interface on the VoIP phone, or the VoIP phone may be programmed with the user ID and the password. In either case, the VoIP phone derives credentials based on the password, and transmits the user ID and the credentials to the telephony server. The credentials can only be derived if the password is known. In this way, the user can prove he or she has the password, without exposing the password to unauthorized persons. The telephony server uses the same method to derive credentials from the user's password known to the telephony server, and then compares the user ID and the credentials received from the user to a known user ID and the derived credentials to authenticate the user.
Sometimes the protocol used by the VoIP phone is different from the protocol used by the telephony server of the service provider. In this instance, a protocol converter (or signaling converter) is used as a gateway between the VoIP phone and the telephony server. If the different protocols are compatible for authentication purposes, then the protocol converter forwards the user ID and credentials from the VoIP phone to the telephony server and the telephony server performs the user authentication.
If the different protocols are not compatible for authentication purposes, the protocol converter cannot simply forward the user ID and the credentials to the telephony server. For instance, one protocol used in older generations of VoIP service is the H.323 protocol. One protocol used in newer generations is Session Initiation Protocol (SIP). H.323 and SIP are not compatible for authentication purposes, as different cryptographic techniques are used to generate the credentials for a user and there is no clean conversion between the protocols. If an H.323 VoIP phone initiates a call to a SIP telephony server, then a protocol converter needs to authenticate the user in H.323 protocol.
To authenticate the user, the protocol converter receives a user ID and the credentials of the user in the H.323 protocol. The protocol converter compares the received user ID and credentials with a stored user ID and the credentials derived from a password stored for the user in order to authenticate the user. The protocol converter either stores user IDs and passwords for multiple users of the service provider, or queries a master database that stores user IDs and passwords for multiple users. If the received user ID and credentials match the stored user ID and the credentials derived from the stored password, then the protocol converter is able to verify the identity of the user. The protocol converter then generates new credentials for the user according to the SIP protocol used by the telephony server, and transmits the user ID and the new credentials to the telephony server. The telephony server then authenticates the user in a similar manner in SIP.
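The converter flow described above, as an added example that is not code from this document: the SIP side uses HTTP Digest as defined in RFC 2617 (the scheme SIP adopts), and the function shows that the converter has to recompute credentials from the stored password because the received credential cannot be transformed. The names `h323_style_token`, `PASSWORDS` and `convert_registration` are hypothetical, and the H.323-side credential is a simplified stand-in, not the real H.235 encoding.

```python
import hashlib
import hmac

def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """HTTP Digest response (RFC 2617, qop=auth), as used by SIP."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def h323_style_token(user_id: str, password: str, timestamp: int) -> bytes:
    """Assumed stand-in for an H.323-side credential (not the H.235 wire
    format): HMAC-SHA1 keyed by SHA-1(password), truncated to 96 bits."""
    key = hashlib.sha1(password.encode()).digest()
    msg = f"{user_id}|{timestamp}".encode()
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

# Constructed sample store: the converter must hold (or fetch) each password.
PASSWORDS = {"alice": "constructed-sample-password"}

def convert_registration(user_id, token, timestamp, sip):
    """Verify the H.323-side credential, then derive the SIP-side one.
    `sip` holds the telephony server's challenge parameters.
    Timestamp freshness (replay) checking is omitted here."""
    password = PASSWORDS.get(user_id)
    if password is None:
        return None  # unknown user
    expected = h323_style_token(user_id, password, timestamp)
    if not hmac.compare_digest(expected, token):
        return None  # credential does not match the stored password
    # The received token cannot be turned into a digest response;
    # the converter recomputes from the password itself.
    return digest_response(user_id, sip["realm"], password, "REGISTER",
                           sip["uri"], sip["nonce"], sip["nc"], sip["cnonce"])
```

Every converter deployed this way needs access to each user's password in a form usable by both schemes, which is the storage and lookup burden the next paragraph describes.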
One problem with operating a protocol converter in the manner described above is that an undue burden is put on the protocol converter to authenticate users. If the protocol converter stores user IDs and passwords for multiple users internally, then the protocol converter unfortunately needs to include and maintain a large database in order to store the user IDs and passwords for authentication purposes. If the protocol converter queries a master database for user IDs and passwords, then the protocol converter unfortunately needs to have a signaling link and associated circuitry capable of communicating with the master database according to a protocol used by the master database.